BloxOne Threat Defence Cloud
App Vendor: Infoblox
App Category: Network Security
Connector Version: 1.0.0
API Version: v1
About App
BloxOne Threat Defense is a hybrid cybersecurity solution that leverages a domain name server (DNS) as the first line of defense to detect and block cyber threats.
The BloxOne Threat Defence Cloud app is configured with Orchestrate to perform the following actions:
Action Name | Description |
---|---|
Create Internal Domains | This action creates an internal domain object. |
Create Named List | This action creates a named list object. |
Create Network List | This action creates a network list object. |
Create Security Policy | This action creates a security policy object. |
Generic Action | This is a generic action that goes beyond the implemented actions by letting you request any endpoint. |
List Access Codes | This action retrieves a list of bypass code objects. |
List Internal Domains | This action retrieves a list of internal domain objects. |
List Named Lists | This action retrieves a list of named list objects. |
List Network Lists | This action retrieves a list of network list objects. |
List Security Policies | This action retrieves a list of security policy objects. |
List Security Policy Rules | This action retrieves a list of security policy rules. |
List Threat Feeds | This action retrieves a list of threat feeds. |
Read Access Codes | This action retrieves a bypass code object. |
Read Internal Domains | This action retrieves an internal domain object. |
Read Named List | This action retrieves a named list object. |
Read Network List | This action retrieves a network list object. |
Read Security Policy | This action retrieves a security policy object. |
Update Internal Domains | This action updates an internal domain object. |
Update Named List | This action updates a named list object. |
Update Network List | This action updates a network list object. |
Update Security Policy | This action updates a security policy object. |
Configuration Parameters
The following configuration parameters are required for the BloxOne Threat Defence Cloud app to communicate with the BloxOne Threat Defence Cloud enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Base URL | Enter the base URL to authenticate with BloxOne Threat Defence Cloud. | Text | Required | |
API Key | Enter the API key to access BloxOne Threat Defence Cloud. | Password | Required | |
Verify | Choose whether to enable SSL certificate verification for BloxOne Threat Defence Cloud. | Boolean | Optional | |
Timeout | Enter the timeout value in seconds for BloxOne Threat Defence Cloud. | Integer | Optional |
Action: Create Internal Domains
This action creates an internal domain object.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Name | Enter a name within 256 characters for the internal domain object. Example: internal_domains_lists | Text | Required | |
Internal domains | Enter a list of internal domains. Example: ["example.com","198.51.100.0"] | List | Required | |
Description | Enter a description within 256 characters for the internal domain object. | Text | Optional | |
Is default | Choose whether is_default should be true/false. | Boolean | Optional | |
Tags | Enter a dictionary of tags. | Key Value | Optional |
Example Request
{ "description": "Internal Domain lists A description", "internal_domains": [ "example.com", "198.51.100.0" ], "is_default": false, "name": "internal_domains_lists", "tags": {} }
Action: Create Named List
This action creates a named list object.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Name | Enter a name within 256 characters for the named list object. Example: named_list_a | Text | Required | |
Type value | Enter a type name. Example: custom_list | Text | Required | |
Items described | Enter a list of dictionaries containing the item name and a description. Example: [{"description":"Item 1 Description","item":"example1.somedomain.com"}, {"description":"Item 2 Description","item":"193.56.2.11/32"}, {"description":"Item 3 Description","item":"2001:db8:ffff:ffff:ffff:ffff:ffff:fff1/128"}] | List | Required | |
Confidence level | Enter a confidence level to attach to the named list object. | Text | Optional | |
Description | Enter a description within 256 characters for the named list object. | Text | Optional | |
Policies | Enter a list of security policies to attach to the named list object. Example: ["security_policy_a","security_policy_b"] | List | Optional | |
Tags | Enter a dictionary of tags. | Key Value | Optional | |
Threat level | Enter a threat level. | Text | Optional |
Example Request
{ "confidence_level": "LOW", "description": "Named List A Description", "items": [ "example1.somedomain.com", "193.56.2.11/32", "2001:db8:ffff:ffff:ffff:ffff:ffff:fff1/128" ], "items_described": [ { "description": "Item 1 Description", "item": "example1.somedomain.com" }, { "description": "Item 2 Description", "item": "193.56.2.11/32" }, { "description": "Item 3 Description", "item": "2001:db8:ffff:ffff:ffff:ffff:ffff:fff1/128" } ], "name": "named_list_a", "policies": [ "security_policy_a", "security_policy_b" ], "tags": {}, "threat_level": "INFO", "type": "custom_list" }
Action: Create Network List
This action creates a network list object.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Name | Enter a name within 256 characters for the network list object. Example: network_list_a | Text | Required | |
Items | Enter a list of network items. Example: ["156.2.3.0/24","98.36.1.4/31","2001:db8:1::/48","2001:db8::2/128"] | List | Required | |
Description | Enter a description within 256 characters. | Text | Optional |
Example Request
{ "description": "Network List A Description", "items": [ "156.2.3.0/24", "98.36.1.4/31", "2001:db8:1::/48", "2001:db8::2/128" ], "name": "network_list_a" }
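The Create Network List and Create Named List request bodies above can be checked before they are submitted. The following Python is an added example, not part of the connector or of the Infoblox API: the function names and the minimum-prefix guard-rail (MIN_PREFIX) are assumptions, while the 256-character limit and the sample bodies come from the parameter tables and Example Request entries on this page.

```python
import ipaddress
import re

MAX_TEXT = 256              # name/description limit from the parameter tables
MIN_PREFIX = {4: 8, 6: 32}  # assumption: local guard-rail, not an Infoblox rule
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
# Bodies taken from the page's Example Request entries (trimmed to a few fields).
PAGE_NETWORK_LIST = {
    "name": "network_list_a",
    "items": ["156.2.3.0/24", "98.36.1.4/31", "2001:db8:1::/48", "2001:db8::2/128"],
}
PAGE_NAMED_LIST = {
    "name": "named_list_a", "type": "custom_list",
    "items_described": [
        {"description": "Item 1 Description", "item": "example1.somedomain.com"},
        {"description": "Item 2 Description", "item": "193.56.2.11/32"},
    ],
}
# Constructed bad input: oversized name, catch-all, host bits set, broad IPv6 prefix.
BAD_NETWORK_LIST = {"name": "n" * 257, "items": ["0.0.0.0/0", "10.1.2.3/8", "2001::/16"]}

def _text_errors(body, field, required):
    value = body.get(field)
    if value in (None, ""):
        return [f"{field}: required"] if required else []
    if not isinstance(value, str) or len(value) > MAX_TEXT:
        return [f"{field}: must be text of at most {MAX_TEXT} characters"]
    return []

def _item_error(item, allow_domain):  # error text, or None when acceptable
    if not isinstance(item, str):
        return f"{item!r} is not a string"
    try:
        net = ipaddress.ip_network(item, strict=True)  # strict: no host bits set
    except ValueError as exc:
        labels = item.rstrip(".").split(".")
        is_domain = (len(labels) >= 2 and not labels[-1].isdigit()
                     and all(map(_LABEL.match, labels)))
        return None if allow_domain and is_domain else f"rejected: {exc}"
    if net.prefixlen < MIN_PREFIX[net.version]:
        return f"{item!r} is broader than the /{MIN_PREFIX[net.version]} guard-rail"
    return None

def _list_errors(entries, field, allow_domain):
    if not isinstance(entries, list) or not entries:
        return [f"{field}: required non-empty list"]
    found = (_item_error(entry, allow_domain) for entry in entries)
    return [f"{field}[{i}]: {err}" for i, err in enumerate(found) if err]

def validate_network_list(body):
    """Problems in a Create Network List body; an empty list means it may be sent."""
    return (_text_errors(body, "name", True) + _text_errors(body, "description", False)
            + _list_errors(body.get("items"), "items", allow_domain=False))

def validate_named_list(body):
    """Same for Create Named List; items may be domain names or CIDR networks."""
    described = body.get("items_described")
    if isinstance(described, list):
        described = [d.get("item") if isinstance(d, dict) else None for d in described]
    return (_text_errors(body, "name", True) + _text_errors(body, "type", True)
            + _text_errors(body, "description", False)
            + _list_errors(described, "items_described", allow_domain=True))

if __name__ == "__main__":
    print("\n".join(validate_network_list(BAD_NETWORK_LIST)))
```

Running the check in a playbook step ahead of the create or update action keeps a mistyped or overly broad entry from reaching the tenant.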
Action: Create Security Policy
This action creates a security policy object.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Request body | Enter the request body in string format. | Text | Required | The following field is mandatory:
|
Example Request
{ "access_codes": [ "string" ], "default_action": "action_allow", "default_redirect_name": "redirect_a", "description": "Security Policy A Description", "dfp_services": [ "u2y3w3fuhhtx7aykfkuergkuboc33wyqrrmjnr5tyrlyredwow374gu5uwzqnsb6", "u2y3w3fuhhtx7aykfkuergkuboc33wyqrrmjnr5tyrlyredwow374gu5uwzqaweq" ], "dfps": [ 12456, 163211 ], "ecs": true, "name": "security_policy_a", "net_address_dfps": [ { "addr_net": "string", "end": "string", "external_scope_id": "string", "host_id": "string", "ip_space_id": "string", "scope_type": "UNKNOWN", "start": "string" } ], "network_lists": [ 522436, 23465 ], "onprem_resolve": true, "precedence": 0, "roaming_device_groups": [ 56312, 461345 ], "rules": [ { "action": "action_block", "data": "custom_list_a", "policy_name": "security_policy_a", "redirect_name": "redirect_a", "type": "custom_list" } ], "safe_search": true, "tags": {}, "user_groups": [ "string" ] }
Action: List Access Codes
This action retrieves a list of bypass code objects.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Filter expression | Enter a logical expression to filter bypass code objects. Example: ((name=='acc_code')or(name~'key'))and(security_policy_id!=32) | Text | Required | |
Offset | Enter an offset value. | Integer | Optional | |
Limit | Enter the number of resources to be returned. | Integer | Optional | |
Page token | Enter a service-defined string to identify a page of resources. | Text | Optional |
Example Request
?_filter="((name=='acc_code')or(name~'key'))and(security_policy_id!=32)"
Action: List Internal Domains
This action retrieves a list of internal domain objects.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Filter expression | Enter a logical expression to filter internal domain objects. Example: ((name=='internal_dom_a')or(name~'internal_dom_b')) | Text | Required | |
Fields | Enter a comma-separated list of JSON tag names. | Text | Optional | |
Offset | Enter an offset value. | Integer | Optional | |
Limit | Enter the number of resources to be returned. | Integer | Optional | |
Page token | Enter a service-defined string to identify a page of resources. | Text | Optional | |
Tfilter | Enter the tags to filter the response by. | Text | Optional | |
Torder by | Enter the tags to sort the responses by. | Text | Optional |
Example Request
?_filter="((name=='internal_dom_a')or(name~'internal_dom_b'))"
Action: List Named Lists
This action retrieves a list of named list objects.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Filter expression | Enter a logical expression to filter named lists. Example: ((name=='net_list1')or(name~'list_b'))and(default_security_policy!='true') | Text | Required | |
Fields | Enter a comma-separated list of JSON tag names. | Text | Optional | |
Offset | Enter an offset value. | Integer | Optional | |
Limit | Enter the number of resources to be returned. | Integer | Optional | |
Page token | Enter a service-defined string to identify a page of resources. | Text | Optional | |
Tfilter | Enter the tags to filter the response by. | Text | Optional | |
Torder by | Enter the tags to sort the responses by. | Text | Optional |
Example Request
?_filter="((name=='net_list1')or(name~'list_b'))and(default_security_policy!='true')"
Action: List Network Lists
This action retrieves a list of network list objects.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Filter expression | Enter a logical expression to filter network lists. Example: ((name=='net_list1')or(name~'list_b'))and(default_security_policy!='true') | Text | Required | |
Fields | Enter a comma-separated list of JSON tag names. | Text | Optional | |
Offset | Enter an offset value. | Integer | Optional | |
Limit | Enter the number of resources to be returned. | Integer | Optional | |
Page token | Enter a service-defined string to identify a page of resources. | Text | Optional |
Example Request
?_filter="((name=='net_list1')or(name~'list_b'))and(default_security_policy!='true')"
Action: List Security Policies
This action retrieves a list of security policy objects.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Filter expression | Enter a logical expression to filter security policies. Example: ((name=='sec_policy_a')or(name~'policy_b'))and(is_default!='true') | Text | Required | |
Fields | Enter a comma-separated list of JSON tag names. | Text | Optional | |
Include access codes | Choose whether to include access codes or not. | Boolean | Optional | |
Offset | Enter an offset value. | Integer | Optional | |
Limit | Enter the number of resources to be returned. | Integer | Optional | |
Page token | Enter a service-defined string to identify a page of resources. | Text | Optional | |
Tfilter | Enter the tags to filter the response by. | Text | Optional | |
Torder by | Enter the tags to sort the responses by. | Text | Optional |
Example Request
?_filter="((name=='sec_policy_a')or(name~'policy_b'))and(is_default!='true')"
Action: List Security Policy Rules
This action retrieves a list of security policy rules.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Filter expression | Enter a logical expression to filter security policy rules. | Text | Required | |
Fields | Enter a comma-separated list of JSON tag names. | Text | Optional | |
Offset | Enter an offset value. | Integer | Optional | |
Limit | Enter the number of resources to be returned. | Integer | Optional | |
Page token | Enter a service-defined string to identify a page of resources. | Text | Optional |
Action: List Threat Feeds
This action is used to retrieve a list of threat feeds.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Filter expression | Enter a logical expression to filter threat feeds. Example: ((name=='AntiMalware')or(name~'FarSightNOD')) | Text | Required | |
Fields | Enter a comma-separated list of JSON tag names. | Text | Optional | |
Offset | Enter an offset value. | Integer | Optional | |
Limit | Enter the number of resources to be returned. | Text | Optional | |
Page token | Enter a service-defined string to identify a page of resources. | Text | Optional |
Example Request
?_filter="((name=='AntiMalware')or(name~'FarSightNOD'))"
Action: Read Access Codes
This action retrieves a bypass code object.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Access key | Enter the bypass code identifier. | Text | Required | |
Name | Enter the bypass code name. | Text | Optional |
Action: Read Internal Domains
This action retrieves an internal domain object.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Id | Enter the internal domains object identifier. | Integer | Required | |
Name | Enter a name for the internal domains object. | Text | Optional | |
Fields | Enter a comma-separated list of JSON tag names. | Text | Optional | |
Offset | Enter an offset value. | Integer | Optional | |
Limit | Enter the number of resources to be returned. | Integer | Optional | |
Page token | Enter a service-defined string to identify a page of resources. | Text | Optional |
Action: Read Named List
This action retrieves a named list object.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Id | Enter the named list object identifier. | Integer | Required | |
Name | Enter a name for the named list object. | Text | Optional | Use along with type parameter, available only when ID is set to 0 |
Type value | Enter the type of named list to read. | Text | Optional | |
Fields | Enter a comma-separated list of JSON tag names. | Text | Optional | |
Offset | Enter an offset value. | Integer | Optional | |
Limit | Enter the number of resources to be returned. | Integer | Optional | |
Page token | Enter a service-defined string to identify a page of resources. | Text | Optional |
Action: Read Network List
This action retrieves a network list object.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Id | Enter the network list object identifier. | Integer | Required | |
Fields | Enter a comma-separated list of JSON tag names. | Text | Optional | |
Name | Enter a name for the network list object. | Text | Optional |
Action: Read Security Policy
This action retrieves a security policy object.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Id | Enter the security policy object identifier. | Integer | Required | |
Fields | Enter a comma-separated list of JSON tag names. | Text | Required | |
Name | Enter a name for the security policy object. | Text | Required |
Action: Update Internal Domains
This action updates an internal domain object.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Id | Enter the internal domains object identifier. | Integer | Required | |
Name | Enter a new/updated name within 256 characters for the internal domain object. Example: internal_domains_lists | Text | Required | |
Internal domains | Enter a new/updated list of internal domains. Example: ["example.somedomain.com","187.13.5.64"] | List | Required | |
Description | Enter a new/updated description within 256 characters for the internal domain object. | Text | Optional | |
Is default | Choose whether is_default should be true/false. | Boolean | Optional | |
Tags | Enter new/updated tags dictionary. | Key Value | Optional |
Example Request
{ "description": "Internal Domain lists A description", "internal_domains": [ "example.somedomain.com", "187.13.5.64" ], "is_default": false, "name": "internal_domains_lists", "tags": {} }
Action: Update Named List
This action updates a named list object.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Id | Enter the named list object identifier. | Integer | Required | |
Items described | Enter a new/updated list of dictionaries containing item names and a description. Example: [{"description":"Item 1 Description","item":"example1.somedomain.com"}, {"description":"Item 2 Description","item":"193.56.2.11/32"}, {"description":"Item 3 Description","item":"2001:db8:ffff:ffff:ffff:ffff:ffff:fff1/128"}] | List | Required | |
Confidence level | Enter a new/updated confidence level to attach to the named list object. | Text | Optional | |
Description | Enter a new/updated description within 256 characters for the named list object. | Text | Optional | |
Name | Enter a new/updated name within 256 characters for the named list object. Example: named_list_a | Text | Optional | |
Policies | Enter a new/updated list of security policies to attach to the named list object. Example: ["security_policy_a","security_policy_b"] | List | Optional | |
Tags | Enter new/updated tags dictionary. | Key Value | Optional | |
Threat level | Enter new/updated threat level. | Text | Optional |
Example Request
{ "confidence_level": "LOW", "description": "Named List A Description", "items": [ "example1.somedomain.com", "193.56.2.11/32", "2001:db8:ffff:ffff:ffff:ffff:ffff:fff1/128" ], "items_described": [ { "description": "Item 1 Description", "item": "example1.somedomain.com" }, { "description": "Item 2 Description", "item": "193.56.2.11/32" }, { "description": "Item 3 Description", "item": "2001:db8:ffff:ffff:ffff:ffff:ffff:fff1/128" } ], "name": "named_list_a", "policies": [ "security_policy_a", "security_policy_b" ], "tags": {}, "threat_level": "INFO", "type": "custom_list" }
Action: Update Network List
This action is used to update a network list object.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Id | Enter the network list object identifier. | Integer | Required | |
Name | Enter a new/updated name within 256 characters for the network list object. Example: network_list_a | Text | Required | |
Items | Enter a new/updated list of network items. Example: ["156.2.3.0/24","98.36.1.4/31","2001:db8:1::/48","2001:db8::2/128"] | List | Required | |
Description | Enter a new/updated description within 256 characters for the network list object. | Text | Optional |
Example Request
{ "description": "Network List A Description", "items": [ "156.2.3.0/24", "98.36.1.4/31", "2001:db8:1::/48", "2001:db8::2/128" ], "name": "network_list_a" }
Action: Update Security Policy
This action updates a security policy object.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Id | Enter the security policy object identifier. | Text | Required | |
Request body | Enter the request body in string format. | Text | Required | The following parameters are mandatory:
|
Example Request
{ "access_codes": [ "string" ], "default_action": "action_allow", "default_redirect_name": "redirect_a", "description": "Security Policy A Description", "dfp_services": [ "u2y3w3fuhhtx7aykfkuergkuboc33wyqrrmjnr5tyrlyredwow374gu5uwzqnsb6", "u2y3w3fuhhtx7aykfkuergkuboc33wyqrrmjnr5tyrlyredwow374gu5uwzqaweq" ], "dfps": [ 12456, 163211 ], "ecs": true, "name": "security_policy_a", "net_address_dfps": [ { "addr_net": "string", "end": "string", "external_scope_id": "string", "host_id": "string", "ip_space_id": "string", "scope_type": "UNKNOWN", "start": "string" } ], "network_lists": [ 522436, 23465 ], "onprem_resolve": true, "precedence": 0, "roaming_device_groups": [ 56312, 461345 ], "rules": [ { "action": "action_block", "data": "custom_list_a", "policy_name": "security_policy_a", "redirect_name": "redirect_a", "type": "custom_list" } ], "safe_search": true, "tags": {}, "user_groups": [ "string" ] }
Action: Generic Action
This generic action goes beyond the implemented actions by letting you request any endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Method | Enter the HTTP method to use for the request. | Text | Required | |
Endpoint | Enter the endpoint to request. Example: /api/vulnerabilities/{cve_id}/affected-projects | Text | Required | |
Query params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload to pass to the API. | Any | Optional | |
Extra fields | Enter the extra fields to pass to the API. | Key Value | Optional |